Thu 2012-01-26 at 10:20 +0400, CyberSoul wrote:
> dn: CN=internetusers,OU=KNG-Services,DC=kng,DC=local
> member: CN=ldapreader,OU=KNG-Services,DC=kng,DC=local
member has full LDAP DNs.
> Well, the command I used for authorizing users is:
> /usr/lib/squid/squid_ldap_auth -R -D ldapreader_at_kng.local -w "12345678" \
> -b "dc=kng,dc=local" -f "sAMAccountName=%s" -h 192.168.4.100
> and it works:
> ldapreader 12345678
> OK
Good. So you know how to look up users. Now reuse that in
squid_ldap_group as documented in its man page. The two are closely
related.
squid_ldap_group -R -D ldapreader_at_kng.local -w "12345678" \
-b "dc=kng,dc=local" -F "sAMAccountName=%s" -h 192.168.4.100 \
-f "(&(objectClass=group)(member=%s))"
Note the -F, which needs to be the same as -f to squid_ldap_auth. This
allows squid_ldap_group to locate the user object (DN), enabling it to
then look up DN-based group membership.
Regards
Henrik
Received on Thu Jan 26 2012 - 19:12:58 MST
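The two-step lookup described in the reply, as an added example that is not part of the original message and is not the squid helper's code: a toy model showing why the login name must be resolved to a DN before it is substituted into member=%s. Assumptions: the in-memory directory (the user's attributes are constructed), the AND-only filter evaluator, and the RFC 4515 escaping of the login, which is this example's own precaution and not a statement about what squid_ldap_group does.

```python
import re

# Constructed directory: both DNs are from the post; the user's attributes are assumed.
USER_DN = "CN=ldapreader,OU=KNG-Services,DC=kng,DC=local"
GROUP_DN = "CN=internetusers,OU=KNG-Services,DC=kng,DC=local"
DIRECTORY = {
    USER_DN: {"objectClass": ["user"], "sAMAccountName": ["ldapreader"]},
    GROUP_DN: {"objectClass": ["group"], "member": [USER_DN]},
}
USER_FILTER = "sAMAccountName=%s"                      # the -F value from the reply
GROUP_FILTER = "(&(objectClass=group)(member=%s))"     # the -f value from the reply

def escape_filter_value(value):
    """Hex-escape the RFC 4515 specials so input stays a literal inside the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape(raw):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)

def term_matches(entry, attr, raw):
    """Case-insensitive equality match of one attr=value term against an entry."""
    values = [v.lower() for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    if raw == "*":                       # unescaped wildcard: presence test
        return bool(values)
    return unescape(raw).lower() in values

def search(ldap_filter):
    """Toy evaluator: every attr=value term in the filter must match (AND only)."""
    terms = re.findall(r"([A-Za-z]+)=([^()]*)", ldap_filter)
    return [dn for dn, entry in DIRECTORY.items()
            if all(term_matches(entry, a, raw) for a, raw in terms)]

def matching_groups(login, user_filter=USER_FILTER):
    """Groups matching GROUP_FILTER; with user_filter the login is first mapped to a DN."""
    subject = login
    if user_filter is not None:
        users = search(user_filter % escape_filter_value(login))
        if len(users) != 1:              # unknown or ambiguous login: no membership
            return []
        subject = users[0]
    return search(GROUP_FILTER % escape_filter_value(subject))

if __name__ == "__main__":
    print(matching_groups("ldapreader"))                    # login resolved to DN first
    print(matching_groups("ldapreader", user_filter=None))  # login put straight into member=
```

Without the user filter the group search compares member against the bare login and finds nothing, because the attribute stores full DNs.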